# SELinux policy for the netd domain. Each rule below is an explicit grant; the
# macros used here are defined outside this file.

# Tag the netd domain with the coredomain attribute.
typeattribute netd coredomain;

# netd is launched by init; set up the init -> netd daemon domain transition.
init_daemon_domain(netd)

# Allow netd to spawn dnsmasq in its own domain, so dnsmasq does not run with
# netd's permissions.
domain_auto_trans(netd, dnsmasq_exec, dnsmasq)

# Allow netd to start clatd in its own domain
domain_auto_trans(netd, clatd_exec, clatd)

# Give netd permission to set up iptables rules with xt_bpf, attach programs to
# cgroups, and read/write the maps created by bpfloader.
# NOTE(review): this rule covers only running programs and reading/writing maps
# owned by bpfloader; it does not grant map_create or prog_load.
allow netd bpfloader:bpf { prog_run map_read map_write };

# Allow netd to create a key_socket solely so that close() on such a socket
# triggers its side effect of calling synchronize_rcu(). Only `create` is
# granted; no other operation on the socket is allowed by this rule.
# TODO: Remove this permission when 4.9 kernel is deprecated.
allow netd self:key_socket create;

# Allow netd to read the bpf_progs_loaded_prop property.
# NOTE(review): presumably used to check that BPF programs have been loaded
# before netd relies on them -- confirm against the netd sources.
get_prop(netd, bpf_progs_loaded_prop)

# Allow netd to write to statsd.
unix_socket_send(netd, statsdw, statsd)

# Allow netd to send callbacks to network_stack
binder_call(netd, network_stack)

# Allow netd to send dump info to dumpstate: use a file descriptor owned by
# dumpstate and write to (but not read from) its FIFO.
allow netd dumpstate:fd use;
allow netd dumpstate:fifo_file { getattr write };